
Completely hiding the Google bar is not the best idea: You can't log out, you can't navigate to Gmail or other application settings, and you can't see your notifications. But you can change the Google bar to have a white background and black text with just some simple CSS changes:

HTML manuals can do all the things accused of PDFs, and you won't even know about half of them! Your browser automatically sends your operating system and locale preferences on every request. The hosting site doesn't even need Javascript to access them. But if you did have Javascript enabled, your HTML documentation could also read and write to Flash and HTML5 offline storage databases, often without your consent or direct knowledge! The horrors!

"Wolf said that the document format is also full of other surprises. For example, it is reportedly possible to write PDFs which display different content in different operating systems, browsers or PDF readers -- or even depending on a computer's language settings."

Amazing -- totally unbelievable!! This should be wholly forbidden. Who would want to read documentation that knew what system you were running, or what language you could read, and tailored the display to make it more relevant to you? Text files don't let you do these things! Adobe is clearly going too far.

The constitution and its amendments specify certain inalienable rights that cannot be violated by state and national laws. Strictly speaking, the Congress can pass any legislation it wants, and the president can sign or veto any of that legislation, regardless of constitutionality. It is the federal courts, and usually the Supreme Court, that then enforce the constitutionality of laws through the federal appeal process. If they find that certain pieces of legislation violate the rights granted to the people by the constitution, they can invalidate them and remove them from law.

In my humble opinion, this is the tug and pull that makes the United States still livable. Without it, the United States would still have segregation, abortion would be illegal, most schools would teach Christianity, people accused of crimes would have far fewer rights, and the press would likely be very tight-lipped. Though, on the other side, the 2nd Amendment has caused many very noble-intentioned gun control laws to become invalidated.

The security problem is easy: How about your phone just asks you whether you accept the charges, and you click "Yes". Of course there will always be fraud wherever there's money, but such a confirmation system seems much more secure than existing US-style credit cards.

And you should have more faith in humanity that FB updates won't automatically go out whenever you buy something. We've learned that's a bad idea. But maybe people can choose specific purchases to publicize... like if you buy concert tickets, that'd be fun to have friends know. But the mass market would never install something that broadcasts every purchase; they'd just stick to credit cards instead.

Full disclosure, I work for Google. But I have no say in these kinds of things. Normally I wouldn't comment on such an article, but I do think it's enlightening to hear Google's side of the story. Therefore, here are CEO Eric Schmidt's recent comments on this topic:

"People get confused about Net neutrality," Schmidt said. "I want to make sure that everybody understands what we mean about it. What we mean is that if you have one data type, like video, you don't discriminate against one person's video in favor of another. It's OK to discriminate across different types...There is general agreement with Verizon and Google on this issue. The issues of wireless versus wireline get very messy...and that's really an FCC issue not a Google issue."

Basically, it's important for VOIP to have a certain quality of service for clear voice calls, but different QOS rules may make sense for other data types. For example, downloading raw data files can be bursty. Precaching future web pages or Javascripts doesn't have to always succeed. But, "you don't discriminate against one person's [data] in favor of another".

What does size have to do with whether something's a netbook? In my mind, a netbook is something geared towards using Internet applications (such as Gmail, Facebook, Amazon, Google Docs, etc), without all the processor, hard disk and operating system requirements for running local applications.

At least, that's what the "net" part of "netbook" leads me to believe.

By using this exploit, spammers get additional useful user data: They'll know each user's full name in most cases. They'll know that the user is interested in the site he's commenting on. They'll know what language he speaks. Basically, they can compose much more compelling emails with a higher probability of getting through and even being seen as relevant to the recipient.

This is not related to the MD5 algorithm or use of salts. The fact is that Gravatar wants sites to use Gravatar without sending loads of requests to gravatar.com. Therefore Gravatar must provide a "client-side" API for generating Gravatar avatar URLs based on the known constant, email addresses. Sure, they could have salted things, but whatever they do, there's an essentially open source function somewhere that takes an email address and converts it to a Gravatar URL. As the algorithm is available to anyone, any attacker can use it to check intelligent guesses against the known algorithm result.

There really isn't anything Gravatar can do without changing their design to decouple avatar URLs from email addresses. Basically whenever anyone registers an account with a blog, the site would have to ask Gravatar for the user's Gravatar avatar URL -- and probably poll on some regular basis in case users add Gravatar avatars later. The blog would then have to persist this data in their databases for later look-up when comments are viewed. This is certainly possible, and could probably be designed in a way that doesn't add additional load to Gravatar's servers. But compared to the current implementation, which can be added to blogs with very minimal coding (probably just a couple lines in PHP), to do this more safely would require persistence-layer/database schema changes that would severely limit the attractiveness of Gravatar.
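Added example, not part of the comment above and not Gravatar's own code: a sketch of why a publicly derivable avatar URL acts as a stable identifier for an email address, with or without a published salt, next to the decoupled design the comment describes. The `salted_url` variant, the `DecoupledAvatars` class and all addresses are hypothetical and constructed for illustration.

```python
import hashlib
import secrets

AVATAR_BASE = "https://www.gravatar.com/avatar/"

def gravatar_url(email: str) -> str:
    """Public client-side derivation: MD5 of the trimmed, lower-cased address."""
    normalized = email.strip().lower().encode("utf-8")
    return AVATAR_BASE + hashlib.md5(normalized).hexdigest()

def salted_url(email: str, public_salt: str) -> str:
    """Hypothetical salted variant; the salt has to ship with the client code."""
    data = (public_salt + email.strip().lower()).encode("utf-8")
    return AVATAR_BASE + hashlib.md5(data).hexdigest()

def candidate_matches(candidate: str, published_url: str, derive=gravatar_url) -> bool:
    """Anyone able to run the derivation can confirm a guessed address."""
    return derive(candidate) == published_url

class DecoupledAvatars:
    """Hypothetical server-side design: pages expose a random token, and the
    token-to-address mapping never leaves the site's own database."""

    def __init__(self):
        self._email_by_token = {}

    def register(self, email: str) -> str:
        token = secrets.token_hex(16)  # random, not derived from the address
        self._email_by_token[token] = email.strip().lower()
        return "/avatar/" + token      # the only value rendered into pages

    def upstream_url(self, page_url: str) -> str:
        """Resolved server-side only, when the site fetches and caches the image."""
        token = page_url.rsplit("/", 1)[1]
        return gravatar_url(self._email_by_token[token])

if __name__ == "__main__":
    published = gravatar_url("Commenter@Example.org")  # constructed address
    print(candidate_matches("commenter@example.org", published))  # derivable
    store = DecoupledAvatars()
    print(store.register("commenter@example.org"))  # opaque, per-account token
```

The cost the comment points out is visible in `DecoupledAvatars`: the site has to keep state per account and resolve avatars itself instead of emitting a computed URL.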

+1 on $8/hour just being strange. I started out at a $10/hour internship doing computer graphics and Perl programming 12 years ago, then $15/hour doing coding for a GOVERNMENT CONTRACTOR two years later. Now that I work for a "major software company", we'd be caught dead paying interns less than $25/hour because we want them to be happy and come back! This economy is a huge stumbling block, though, so maybe you're lucky with what you get. But at $8/hour I think you're not actually getting an IT position, but a personal assistant position, and you'd probably do well to find other opportunities.

I read the article and he's exactly proposing paying off the top 1000 sites. Direct quote: "Would the top 1k most visited sites take a cool $1mm each?" Sure, then he pontificates... what if the top 100k sites also got a cut? But he doesn't suggest anything besides paying off sites, the largest getting nearly $1mm.

Why does everyone talk about encrypting the signals? It's more important to know who is talking than attempting to restrict the list of people who can hear or transmit. Therefore it would make sense to me to sign the transmissions. If there's noise, the signing fails, but you can still use other forms of trust to verify the transmitter. Without significant noise, you have a greater degree of trust -- and with that, people without trust can be ignored.